On 5/2/05, Kenneth R. van Wyk <[EMAIL PROTECTED]> wrote: > Michael Silk wrote: > >I honestly don't believe that the consumers will _EVER_ care, and I > >don't believe that should have to. At most maybe they should just need > >to keep an eye out for a sticker, or star-rating (government approved) > >or something. But as you say, 'security' is 'hard to measure', so an > >approach like that won't work. > > As the saying goes, give the consumer the choice between security and > dancing pigs, and they'll pick dancing pigs every single time. There's > probably more than just a grain of truth to that.
I would too; I've never seen a dancing pig ... :) > Yet, despite that pessimistic outlook -- and the survey that forked this > thread -- I do think that companies are demanding more in software > security, even though consumers are not. I'm not aware of surveys that > directly address that, but it sure seems obvious to me that they are. Demanding more maybe, but getting charged for it too... so the problem is still there: security as a 'feature'. 'Security' needs to become a baseline, just like any other programming construct (maths, ...) But anyway, ... > Here's to wishful thinking, anyway! Agreed! -- Michael